Heini Bergsson Debes scite author profile

In the race towards next-generation systems of systems, the adoption of edge and cloud computing is escalating to deliver the underpinning end-to-end services. To safeguard the increasing attack landscape, remote attestation lets a verifier reason about the state of an untrusted remote prover. However, for most schemes, verifiability is only established under the omniscient and trusted verifier assumption where a verifier knows the prover's trusted states and the prover must reveal evidence about its current state. This assumption severely challenges upscaling, inherently limits eligible verifiers, and naturally prohibits adoption in public-facing securitycritical networks. To meet current zero trust paradigms, we propose a general ZEro-Knowledge pRoof of cOnformance (ZEKRO) scheme, which considers mutually distrusting participants and enables a prover to convince an untrusted verifier about the correctness of its state in zero-knowledge by ensuring that the prover cannot cheat. CCS CONCEPTS• Security and privacy → Security protocols; Privacy-preserving protocols; Software security engineering.

show abstract

RETRACT: Expressive Designated Verifier Anonymous Credentials

Debes

Giannetsos

2023

View full text Add to dashboard Cite

Anonymous credentials (ACs) are secure digital versions of credentials that allow selective proof of possession of encoded attributes without revealing additional information. Attributes can include basic personal details (e.g., passport, medical records) and also claims about existing attributes (e.g., age > 18), which can be revealed without disclosing any concrete information. However, embedding all possible claims in a credential is impractical. To address this, we propose verifiers defining policies as high-level programs executed by holders on their credentials. We also propose making the proofs designated verifier to prevent the misuse or leakage of sensitive information by dishonest verifiers to any unwanted third party. CCS CONCEPTS• Security and privacy → Security protocols; Privacy-preserving protocols; Software security engineering.

show abstract

ZEKRA: Zero-Knowledge Control-Flow Attestation

Debes

Dushku

Giannetsos

et al. 2023

View full text Add to dashboard Cite

To detect runtime attacks against programs running on a remote computing platform, Control-Flow Attestation (CFA) lets a (trusted) verifier determine the legality of the program's execution path, as recorded and reported by the remote platform (prover). However, besides complicating scalability due to verifier complexity, this assumption regarding the verifier's trustworthiness renders existing CFA schemes prone to privacy breaches and implementation disclosure attacks under "honest-but-curious" adversaries. Thus, to suppress sensitive details from the verifier, we propose to have the prover outsource the verification of the attested execution path to an intermediate worker of which the verifier only learns the result. However, since a worker might be dishonest about the outcome of the verification, we propose a purely cryptographical solution of transforming the verification of the attested execution path into a verifiable computational task that can be reliably outsourced to a worker without relying on any trusted execution environment. Specifically, we propose to express a program-agnostic execution path verification task inside an arithmetic circuit whose correct execution can be verified by untrusted verifiers in zero knowledge. CCS CONCEPTS• Security and privacy → Security protocols; Privacy-preserving protocols; Software security engineering.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.